Colin Percival from FreeBSD reported that the previous fix for the
file_printf() buffer overflow introduced a new integer overflow.

Impact

A remote attacker could entice a user to run the file program on an
overly large file (more than 1Gb) that would trigger an integer
overflow on 32-bit systems, possibly leading to the execution of
arbitrary code with the rights of the user running file.

Workaround

There is no known workaround at this time.

Resolution

Since file is a system package, all Gentoo users should upgrade to the
latest version: